Internet Explorer vulnerability allows stealing saved files when printing screen - La Provincia

Una vulnerabilidad de Internet Explorer permite robar archivos guardados al imprimir pantalla

A'zero-day' vulnerability of the Internet Explorer browser, classified as high severity, allows to extract the files saved on Windows computers through files with MHT extension taking advantage of when the user prints the screen.

As cybersecurity researcher John Page warned and the Seclist security site is collected, the Internet Explorer vulnerability takes advantage of the way the browser processes the MHT files, which were used toallow users to save web pages in the browser.

According to the research, "Internet Explorer is vulnerable to an XML attack by an external entity if the user opens a file with a specially designed MHT extension locally," explained Page.

Through this 'zero day' vulnerability, which has been classified as high severity by Page,Attackers can carry out actions such as stealing local filesof the user or access to the local information of the information of the installed programs.

Normally, when launching ActiveX objects, Internet browsers show users warning messages and block them until they are accepted. This security process is not followed in certain MHT files withmalicious XML bookmarks.

Also, the Internet Explorer security problem also affected users when carrying out functions when carrying out commands to save web pages such as 'Control + K', print screen or 'preview'.

The vulnerability, which is present in Internet Explorerin its version 11 both in Windows 10As in Windows 7, it has been brought to the attention of Microsoft, who has responded to Page that "for the moment, we will not provide updates on the repair of this problem, and we have closed the case".

Microsoft has reported that thedevelopment of a patchthat puts an end to Internet Explorer's vulnerability "will be considered in future versions" of the service.


Source link